Auto-complete for passwords is a feature commonly used on browsers today. It is a mechanism that allows usernames and passwords to be automatically entered into a web form. Only around 20% of US internet users have unique passwords for each online account. Many people have to manage dozens of different passwords and see auto-fill as a convenient feature that cuts down on time. Others use a dedicated application to manage passwords outside of the browser. However, this is much more dangerous than many realize.
A hacker can easily trick the browser or program by placing an invisible form on a compromised web page.
MARKETERS TRACK TOO
Surprisingly, this is not only done by hackers. Digital marketers often deploy this trick to track what websites users visit. Both AdThink and OnAudience are known to do this. Their goal is gathering data for marketing purposes, but IT professionals warn it would not be hard for them to steal passwords as well.
It is quite simple to disable auto-complete in a browser. Most browsers allow easy access to privacy settings and users can disable auto-complete within a minute. Below are instructions to accomplish this.
For Chrome users
Go to the Settings window, go to Advanced, and then disable under Manage Passwords.
For Firefox users
Go to the Options window, click the Privacy tab, then under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
For Safari users
Open the Preferences window, select the Auto-fill tab, and turn off all features related to usernames and passwords.
Unfortunately, this is just one way hackers can get your information. Modern organizations with advanced technology require more managed measures against hackers.